Post Job Free

Resume

Sign in

Security Sap

Location:
Plano, TX
Posted:
February 09, 2021

Contact this candidate

Resume:

ANIL JALLEPALLI

SAP SECURITY and GRC CONSULTANT

Contact - 801-***-**** Email – adj09s@r.postjobfree.com Linked in - linkedin.com/in/aniljallepalli

SUMMARY

* ***** ** ********** ** SAP Security and GRC projects including implementations, upgrades and support projects.

Experience with design & implementation of SAP roles that meet SOX regulatory, considering their sustainable maintenance and segregation of duties requirement

Good exposure to SAP systems landscape and GxP and Non-GxP business process and system compliance architecture

Experience in SAP security concepts and User/Role administration across Knowledge in SAP security concepts and User/Role administration across ECC, BW, BI, TMS, Enterprise Portal, CRM, SRM BOBJ, HANA, S4 HANA and FIORI.

Responsible for adhering to applications security procedures, change control guidelines and Sarbanes-Oxley IT and business requirements.

Strong experience with Role Design and Modification as per SOX and Segregation of Duties (SOD) security requirements and compliance.

Experience leading SAP Security and GRC Projects, including role re-design, roll-out, enhancement and implementations.

Worked on SAP GRC upgrade from 10.1 to 12.0

Managed and implemented multiple SAP GRC projects as Technical Lead and Project Manager.

Design and develop test strategies and test cases to test automated controls and issues created for deficiencies.

Implemented Access Control and Process Control Modules in SAP GRC 10.1

Access Control

BRF+ rules and MSMP workflows in SAP GRC Access Control 10.1

Business Role Management

Implement and update SoD, Critical Action and Critical permission rule sets including multiple rule set and work with internal control to define mitigation controls for the risks.

Centralized and Decentralized firefighter model based on user

Process Control

Implemented Automated Monitoring (CCM)and Issue Management modules

Automated Monitoring with Query based sub scenarios (Configurable, ABAP Reports, SAP Query, SoD Integration)

Set up Organizations, Business process and subprocesses, regulations, controls

Set up data source, business rules and maps business rules to controls (business rule assignments).

SKILL SET

SAP Security

ECC

BI / BW

HANA

SAP S/4 HANA

FIORI

BOBJ

Java UME, Enterprise Portal

CRM, SRM

SAP GRC

ACCESS CONTROL

PROCESS CONTROL

PROFESSIONAL EXPERIENCE

EMPLOYER – MASTECH DIGITAL INC (Jun’20 to Present)

EMPLOYER – BEACON-HILL STAFFING GROUP LLC (Jan’20 to May’20)

SAP SECURITY AND GRC ADMINISTRATOR

CLIENT – BRIDGESTONE AMERICAS

Nashville, Tennessee-based Bridgestone Americas, Inc. (BSAM) is the U.S. subsidiary of Bridgestone Corporation, the world's largest tire and rubber company. BSAM and its subsidiaries develop, manufacture and market a wide range of Bridgestone, Firestone and associate brand tires to address the needs of a broad range of customers, including consumers, automotive and commercial vehicle original equipment manufacturers, and those in the agricultural, forestry and mining industries.

RESPONSIBILITIES

Maintaining access provisioning for Bridgestone Enterprise Resource Planning Applications (SAP and non-SAP applications)

Supporting existing SAP landscape and GRC applications of Bridgestone. Resolving any user access or authentication issues for Bridgestone SAP and PeopleSoft applications.

Monitoring daily issues and requests in ITSM tool from SAP application users with respect to access and authorization.

Resolving issues on SAP GRC Access Control related to Access Request Management, Access Risk Management, Business Role Management and Emergency Access Management.

Processing implementations, roll-outs, and analyzing for new custom or existing transactions for SoD conflicts and critical access, and updating SoD risk matrix accordingly.

Working with internal and external auditors to provide evidences for controls related to JSOX.

Technical configuration and implementation for upgrades, new roll-outs and implementations

Preparing project detail plans, requirement gathering and proposing technical solution design.

Configuration and implementation in SAP solutions like S4HANA and FIORI.

Upgrade SAP GRC 10.1 to 12.0, tasks including analyzing SAP notes, adjusting roles, activating BC sets, setting up Fiori launchpad, role name conversions, configuring NetWeaver gateway, resubmitting open requests

Unit testing, System Integration testing, and User Acceptance testing for roll out and enhancement projects.

Designing test strategy, test cases and coordinating with end users for user acceptance testing.

Providing Hypercare for new roll-outs and implementations.

Support to Internal and external auditors in Governance and Compliance

Providing user access management policies and procedures to audit teams.

Providing evidence for controls related to user access management based on sample requests provided by audit team.

Providing approvals and justifications to deviation from UAM policies and procedures.

Providing change control evidence and approvals for the samples picked by audit team.

Providing SoX and SoD reports to ensure compliance with regulations.

SKILLSET

SAP GRC Access Control 10.1 SAP GRC AC 12, Access Request Management, Access Risk Analysis, Business Role Management, Emergency Access Management, SAP ECC Security, SAP S4 Security, SAP FIORI Security, SAP BW Security, CRM, BPC and HR Security

EMPLOYER – RADIANT SYSTEMS INC (April’18 to Jan’20)

SAP GRC LEAD

CLIENT – SANOFI

Sanofi-Aventis is the global leader in pharmaceuticals manufacturing and marketing (Life science) industry and having business operations in across the world – USA, Canada, France and Asia and Africa, Europe, Australia

RESPONSIBILITIES

Coordinate and manage projects in SAP GRC area for Sanofi

Act as global point of contact for SAP GRC projects, enhancements, internal and external auditors

Participate in training and coaching of end users on usage of applications

Work with Sanofi User Access Management (UAM) Leaders to harmonize UAM procedures and to comply with governance.

Contribute to global support initiatives according to the priorities

Work with UAM team to provide responses and evidences to internal and external auditors (PwC).

PROJECTS

Migrate to Global GRC application Decommissioning of Local GRC application/s

Objective of the project is to migrate target applications from local (country specific) GRC application to Global GRC application, followed by archiving, retiring and decommissioning of local GRC applications.

Integrate target systems from local GRC to Global GRC for access request workflows (MSMP)

Update Rule set to include custom risks and transactions from local GRC applications

Update FFID approach from centralized to decentralized and update configurations on target systems accordingly.

Audit log data is archived to Global GRC application through custom program developed by ABAP team.

Update process documentation to retire local GRC application

SHIFT Integrate new S4 HANA landscape and Solution Manager application to GRC

Objective of the project is to integrate new S4 HANA landscape including S4, MDG, FIORI, GTS, BW and PI application to SAP GRC Access Control 10.1 tasks involving

Design new workflows for access request, Business Role Management, Mitigation control updates and User Access Review.

Work with Internal control to review SoD rule set and update accordingly and extend rule set to custom transactions and FIORI Webdynpro applications.

Prepare Mitigation Control referential for SoD risks defined in SAP GRC with Internal Control Manual controls.

Define MSMP Paths and stages for new S4 landscape.

Update BRF+ based Initiator and routing rules and update MSMP stage mapping accordingly.

Implement Business Role Methodology and update Configurations.

Create new set of Business Roles for S4 HANA landscape.

Roll-out Decentralized Firefighter Model to new landscape.

SKILLSET

SAP GRC Access Control 10.1, Access Request Management, Access Risk Analysis, Business Role Management, Emergency Access Management, SAP ECC Security, SAP S4 Security, SAP HANA Security, SAP FIORI Security, SAP BW Security

EMPLOYER – First Consulting Services (Jul’2016 to Mar’2018)

Senior SAP Security and GRC Consultant

CLIENT – SANOFI

Sanofi-Aventis is the global leader in pharmaceuticals manufacturing and marketing (Life science) industry and having business operations in across the world – USA, Canada, France and Asia and Africa, Europe, Australia

RESPONSIBILITIES

Lead SAP Projects – SAP Security and GRC

Play a key role in the full SAP Security GRC project lifecycle, from initial set-up of the project to the final delivery of the result

Project Planning & execution

Work with the client to analyze their requirements: prepare and participate in workshops, requirement documentation

Interact with business partners and gather business requirement

Act as liaison with client for troubleshooting: investigate, analyze, and solve software problems and map client business requirements, processes and objectives

Develop necessary product modifications to satisfy clients' needs

Maintain a thorough knowledge of the organization and adheres to all organizational standards

PROJECTS

SAP GRC Process Control 10.1 Implementation

Objective of the project is to implement SAP GRC process control 10.1 for Sanofi implementing IT General and Finance & Treasury controls.

• Perform process control configuration settings

• Gather requirements from business on IT General and Business controls

• Design Controls identify control and remediation owners.

• Customize request description in work-inbox to add Control name on the request work-inbox link

• Set up Organizations, Business process and subprocesses, regulations, controls

• Set up data source, business rules and maps business rules to controls (business rule assignments).

• Schedule automated monitoring.

• Work with Control owners and Remediation owners to review and update controls based on the feedback.

• Design and develop test strategies and test cases to test automated controls and issues created for deficiencies.

Global SoD Matrix implementation

Objective of the project is to redesign SoD risk matrix as per global SoD risk definition.

• Lead Global SoD Matrix Implementation for GRC 10.1 and VIRSA 4.0 Systems

• Update Ruleset based on custom rule set definition provided by organization global compliance team; update risks – enable/disable risks, change risk level; create new risks (from Standard SAP functions)

• Perform User and Role Level Risk Analysis & prepare action plan to remediate & mitigate risks with Internal Control team

• Identified roles with role level SoD Conflicts and remediated them

• Work with Business & Internal Control team to remediate/mitigate user level risks

• Identify custom transactions with SoD Conflict and include them in SoD Matrix

• Create test scripts & co-ordinate with business for testing role changes

• Update roles and user-role assignments to remediate risk at user level.

• Help Internal control team create Mitigation Control and mass assignment of Mitigation Controls

SKILLSET

VIRSA 4.0, Compliance calibrator, SAP GRC Access Control 10.1, Access Risk Analysis, SAP GRC Process Control 10.1, Automated Monitoring, Issue Management, SAP ECC Security, SAP BW Security, SAP SOLUTION MANAGER

EMPLOYER - 3S Business Corporations (February’ 16 – June’16)

SAP Security and GRC Consultant

CLIENT – Genzyme

SAP Security and GRC Consultant

Work with the business area owners and business analysts to gather security requirements, assist in designing and building appropriate role-based security for the SAP environments including role definition and job/position mapping

Perform tasks to ensure that user accounts are updated with accurate information and actively being used in SAP systems (ABAP, Java, Portal)

Creating and adjusting roles within SAP systems as per business requirements and security guidelines

Assigning authorized access/roles to user accounts in SAP systems (Java, Portal)

Assist SAP Security and Basis team and support go-live projects.

Built new country specific Master/Derived role prototype for business areas (ATR, SCM, MFG, OTC).

Assisted in building, and changing current roles in ECC, HANA (Repository role type) and BW. Ad-hoc user maintenance in Dev/QAS/Sandbox.

Enabled Security team to have role changes and additions complete prior to system enhancements/upgrades.

Even faster turnaround time for Security change requests.

Developed knowledge for future team Members in SAP Security.

Allowed SAP Security team to analyze, and revamp Security processes.

Assist in design, document and continually enhance SAP security administration policies, processes, and procedures for the SAP environment

Testing of security roles to ensure proper implementation and accuracy of security roles

Learn and utilize company’s change management processes to handle SAP security requests

Worked on GRC AC 10.1 administration activities like creating Access requests, forwarding to other approvers, approving requests on behalf of approvers, checking the status and troubleshooting access issues.

Created and maintained paths for MSMP workflows.

Extended workflows using BRFplus

Monitor and Administer Emergency Access Management and Firefighter Users

SKILLSET

SAP ECC, CRM, APO, BI, BOBJ & HANA Security and GRC AC 10.1

EMPLOYER – TATA CONSUTING SERVICES (Nov’13 to Jul’14)

SAP SECURITY ANALYST

CLIENT – Ericson

Ericsson is a Swedish multinational networking and telecommunications company headquartered in Stockholm having business operations across 180 countries

RESPONSIBILITIES

Responsible for production support and enhancements for Ericsson SAP Systems. Resolve service requests for user authorization issues; role updates and user access requests

Add SAP system into GRC Landscape: Co-ordinate with Basis and GRC Implementation to add GRC Plug-in new target systems; implement User exit to prevent direct firefighter login. Setup Firefighter IDs in Target system and perform SIT testing

Responsible for Role Design & development for Phase II (Business roles)

Phase III (Merge EM & EWM systems to TMS box) implementation of SAP Transportation Management System.

Develop SRM PFCG and enterprise portal roles. Develop role menu based on the enterprise role/group authorizations. User administration including managing business partners (BP) and PPOMA (Org Mgmt) assignment for users.

Also, portal user administration for SRM users. Troubleshoot user access in NetWeaver and SAP SRM systems.

Manage User administration and Role administration in SAP HANA System. Developed SAP HANA Repository roles.

Worked on GRC AC 10.1 administration activities like creating Access requests, forwarding to other approvers, approving requests on behalf of approvers, checking the status and troubleshooting access issues.

SKILLSET

SAP GRC Access Control 10.1, Access Request Management, Access Risk Analysis, Emergency Access Management, SAP ECC, SRM, HANA and BOBJ Security

EMPLOYER –WIPRO TECHNOLOGIES (Sep’11 to Nov’13)

PROJECT ENGINEER (SAP Administrator)

CLIENT – Philips

Philips is a Dutch multinational conglomerate corporation headquartered in Amsterdam, one of the largest electronics companies in the world, currently focused in the area of healthcare and lighting.

RESPONSIBILITIES

Responsible for production support and enhancements for Ericsson SAP Systems. Resolve service requests for user authorization issues; role updates and user access requests

Production Support: Responsible for Security of SAP (modules SD, MM, FI, CRM, BI, GRC & EP) for production support.

Responsible for Access provisioning in SAP ERP systems and trouble shoot issues with user access and authorizations.

Part of role development; create new roles as per design specifications. Role re-design initiated to reduce role redundancy & improve efficiency and effectiveness. Prepare test scripts and co-ordinate for Unit Testing with functional teams.

Assist Internal and External Auditors in Annual Authorization Review. Work with external auditors (E&Y) to explain Philips security SOPs.

Troubleshoot user access issues in BI system through RSECADMIN.

Resolve end user issues in BI system regarding access to reports.

Performed troubleshooting on R/3 Security problems by using system traces.

Performed reconciliation of user master records and roles.

Used report to obtain overview of authorizations and users in SAP system.

Assisting Internal and External Auditors in Annual Authorization Review.

Performed risk analysis with the help of GRC RAR at user/role/critical transactions level to identify SoD and SOX risks and remediate or mitigate them as per the requirements.

Part of CRM and enterprise portal user management and role maintenance.

Monitored HP Service Manager for any change to user access and Role maintenance.

SKILLSET

SAP GRC Access Control 5.3, SAP ECC, CRM, BW and Enterprise Portal Security

EDUCATION

Master of Science in Management Information Systems

University of Illinois

2014-2015

Bachelor of Technology in Computer Science and Engineering

Amity University

2007-2011



Contact this candidate